Windows Server 2012 Users Beware: 0day Vulnerability Bypasses Mark of the Web Security
ACROS Security, the creators of 0patch micropatching technology, have uncovered a zero-day vulnerability affecting Windows Server 2012 and Server 2012 R2. This vulnerability allows malicious actors to circumvent the “Mark of the Web” security feature, potentially leaving servers open to attack.
The Mark of the Web is a critical security mechanism that flags files downloaded from the internet. This flag warns users before opening potentially dangerous files, adding an extra layer of protection against malware. However, the vulnerability discovered by ACROS Security researchers allows attackers to bypass this check on certain file types, effectively removing this crucial safeguard.
Alarmingly, this weakness has existed for over two years, hidden in plain sight. As Mitja Kolsek from ACROS Security notes, their analysis revealed that the vulnerability “was introduced to Windows Server 2012 over two years ago, and remained undetected – or at least unfixed – until today. It is even present on fully updated servers with Extended Security Updates.” This means that even organizations diligently applying updates are still at risk.
ACROS Security has responsibly disclosed the vulnerability to Microsoft and has taken immediate action to protect its users. They have released free micropatches for both legacy and supported versions of Windows Server 2012, providing a temporary shield until Microsoft issues an official fix.
“Vulnerabilities like these get discovered on a regular basis, and attackers know about them all,” warns ACROS Security. “If you’re using Windows that aren’t receiving official security updates anymore, 0patch will make sure these vulnerabilities won’t be exploited on your computers – and you won’t even have to know or care about these things.”
These unofficial patches are available for
- Windows Server 2012 updated to October 2023
- Windows Server 2012 R2 updated to October 2023
- Windows Server 2012 fully updated with Extended Security Updates
- Windows Server 2012 R2 fully updated with Extended Security Updates
Organizations relying on Windows Server 2012 should strongly consider applying the 0patch micropatches and staying informed about Microsoft’s upcoming official patch.
